CHAPTER 1: INTRODUCTION

All organizations face risks to information and information assets. Many organizations seek to identify and control those risks, usually as part of a structured approach to information security risk management.

ISO/IEC27001:2005 is an international standard specification for an Information Security Management System (or ‘ISMS’). Organizations that develop an ISMS in line with the specification of ISO27001 can receive external, third-party certification that their ISMS conforms to the standard, and such a certificate can have significant commercial, financial and compliance benefits.

ISO/IEC17799:2005 is the international Code of Practice for information security; it provides detailed guidance to support the specification ...
